On Tuesday 03 January 2017 04:25:54 Mathieu D. wrote:

> Hello,
>
> I would like to keep emails detected as virus by ClamAV on the
> filesystem, in order to be able to retrieve false positives when users
> ask for them. After a few days, a simple cronjob would remove them.
>
> So I thought that "VirusEvent" could be an appropriate way to do it.
> (Is there any better way?)
>
> I set the "VirusEvent" in the configuration file to:
>   VirusEvent /bin/run-parts --lsbsysinit /etc/clamav/virusevent.d/
>
> While I am only debugging for the moment, the script
> `/etc/clamav/virusevent.d/test.sh` (chmod'ed +s) contains this:
>   #!/bin/bash
>   echo "$(date) ClamAV found $CLAM_VIRUSEVENT_VIRUSNAME into $CLAM_VIRUSEVENT_FILENAME" >> /tmp/clamav-found_virus.log
>
> I also tried directly with this:
>   VirusEvent echo "%v" >> /tmp/clamav-found_virus.log
>
> But all my tests fail. The /tmp.clamav-found_virus.log doesn't get
> anything, while the logs only tell:
>
> ```
> /var/spool/exim4/scan/1cO7Nt-0005Y4-A5/1cO7Nt-0005Y4-A5.eml:
> Heuristics.Phishing.Email.SSL-Spoof(6ed8d5db7b0e9651be9a6d42befc69cb:46580) FOUND
> ERROR: VirusEvent: fork failed.
> ```
>
> Do you have any idea why it doesn't work?
>
> Best regards,

I've no clue, never tried that. What I do for quarantine is with a
procmail script. Lemme see if I can find it.  Yup, here are snippets.
At top of file.
#############################################################################
# Necessary generic definitions
#############################################################################
# needs in fetchmailrc 'defaults mda "/usr/bin/procmail -d gene"'
DROPPRIVS=yes
VERBOSE=no
COMSAT=no
NULLBOX = "/dev/null"
SPAMBOX = "/home/gene/Mail/spam/new"
VIRIBOX = "/var/spool/mail/virii"
[...]
VERBOSE=YES

# Scan for viruses
:0
VIRUS=|clamdscan --stdout -

:0w
* VIRUS ?? ^.*: \/.* FOUND
$VIRIBOX

VERBOSE=NO
====================

But don't expect a lot of activity. The last time that virii file was 
updated, was June 6th of last (2016) year.

It appears they either are not sending viri by email very often, or 
clamdscan isn't catching them. And I haven't been attacked, and I don't 
click on spammy looking links. Ever.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
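
The quarantine-and-expire workflow asked about in the quoted question, as an added example that is not part of the original thread or of ClamAV itself. It assumes clamd runs the handler with the CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME variables used in the question and that the scanned file is still readable at that point; QUARANTINE_DIR, RETENTION_DAYS and index.tsv are hypothetical names.

```shell
#!/bin/bash
# Added example: VirusEvent handler that copies a detected file into a
# private quarantine directory, plus the purge step for the cron job.
# QUARANTINE_DIR and RETENTION_DAYS are assumed names, not from the thread.
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/lib/clamav-quarantine}"
RETENTION_DAYS="${RETENTION_DAYS:-7}"

# Map every byte outside a conservative set to "_" so that neither the
# file name nor the signature name can add newlines, tabs or path
# separators to the stored name or to the index line.
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'
}

# quarantine_file <path> <signature name>: prints the quarantined path.
quarantine_file() {
    local src="$1" sig="$2" dest
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    umask 077                                   # owner-only dir and files
    mkdir -p -- "$QUARANTINE_DIR" || return 1
    dest="$QUARANTINE_DIR/$(date +%Y%m%dT%H%M%S).$$.$(sanitize "$(basename -- "$src")")"
    cp -- "$src" "$dest" || return 1
    chmod 600 -- "$dest"                        # never executable
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$(sanitize "$sig")" "$dest" >> "$QUARANTINE_DIR/index.tsv"
    printf '%s\n' "$dest"
}

# purge_quarantine: body of the daily cron job; keeps the index file.
purge_quarantine() {
    find "$QUARANTINE_DIR" -maxdepth 1 -type f ! -name index.tsv \
        -mtime +"$RETENTION_DAYS" -delete
}

# Runs only when invoked as a VirusEvent handler (variable set by clamd).
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    quarantine_file "$CLAM_VIRUSEVENT_FILENAME" \
        "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}"
fi
```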

